def start_tor(self): """ This function executes the workflow of starting the hidden service. """ if not self.local_port: control_host = jm_single().config.get("PAYJOIN", "tor_control_host") control_port = int(jm_single().config.get("PAYJOIN", "tor_control_port")) if str(control_host).startswith('unix:'): control_endpoint = UNIXClientEndpoint(reactor, control_host[5:]) else: control_endpoint = TCP4ClientEndpoint(reactor, control_host, control_port) d = txtorcon.connect(reactor, control_endpoint) d.addCallback(self.create_onion_ep) d.addErrback(self.setup_failed) else: d = Deferred() d.callback(None) d.addCallback(self.create_onion_ep) # TODO: add errbacks to the next two calls in # the chain: d.addCallback(self.onion_listen) d.addCallback(self.print_host)
def start_tor(self): """ This function executes the workflow of starting the hidden service and returning its hostname """ self.info_callback("Attempting to start onion service on port: {} " "...".format(self.virtual_port)) if self.hidden_service_dir == "": if str(self.tor_control_host).startswith('unix:'): control_endpoint = UNIXClientEndpoint( reactor, self.tor_control_host[5:]) else: control_endpoint = TCP4ClientEndpoint(reactor, self.tor_control_host, self.tor_control_port) d = txtorcon.connect(reactor, control_endpoint) d.addCallback(self.create_onion_ep) d.addErrback(self.setup_failed) # TODO: add errbacks to the next two calls in # the chain: d.addCallback(self.onion_listen) d.addCallback(self.print_host) else: ep = "onion:" + str(self.virtual_port) + ":localPort=" ep += str(self.serving_port) # endpoints.TCPHiddenServiceEndpoint creates version 2 by # default for backwards compat (err, txtorcon needs to update that ...) ep += ":version=3" ep += ":hiddenServiceDir=" + self.hidden_service_dir onion_endpoint = serverFromString(reactor, ep) d = onion_endpoint.listen(self.proto_factory) d.addCallback(self.print_host_filesystem)
def testSSH101(self): def finished(): pass keypaths = [ # '/data/dev/beholder/sys/ssh-keys/client_rsa.pub', '/data/dev/beholder/sys/ssh-keys/client_rsa' ] keys = [] for keyPath in keypaths: if os.path.exists(keyPath): keys.append(readKey(keyPath)) knownHostsPath = '/home/jan/.ssh/known_hosts' knownHosts = KnownHostsFile.fromPath(FilePath(knownHostsPath)) # for entry in knownHosts.iterentries(): # if entry.matchesHost(b"[localhost]:2222"): # print("yess!!!!!!!!!!!!!!!!!!!!!") # print(entry) agentEndpoint = UNIXClientEndpoint(reactor, os.environ["SSH_AUTH_SOCK"]) client = SSHCmdClient(b"localhost", 2222, b"user", keys=keys, knownhosts=knownHosts, agent=None) self.assertIsNotNone(client) endpoint = client.newConnection("ls") self.assertIsNotNone(endpoint) factory = Factory() factory.protocol = TestProtocol d = endpoint.connect(factory) d.addCallback(finished) return d
def sign(self, challenge): if "SSH_AUTH_SOCK" not in os.environ: raise Exception("no ssh-agent is running!") factory = Factory() factory.noisy = False factory.protocol = SSHAgentClient endpoint = UNIXClientEndpoint(self._reactor, os.environ["SSH_AUTH_SOCK"]) d = endpoint.connect(factory) @inlineCallbacks def on_connect(agent): # we are now connected to the locally running ssh-agent # that agent might be the openssh-agent, or eg on Ubuntu 14.04 by # default the gnome-keyring / ssh-askpass-gnome application blob = _pack(['ssh-ed25519', self.public_key(binary=True)]) # now ask the agent signature_blob = yield agent.signData(blob, challenge) algo, signature = _unpack(signature_blob) agent.transport.loseConnection() returnValue(signature) return d.addCallback(on_connect)
def main(): address = FilePath(sys.argv[1]) startLogging(sys.stdout) factory = Factory() factory.protocol = ReceiveFDProtocol factory.quiet = True endpoint = UNIXClientEndpoint(reactor, address.path) connected = endpoint.connect(factory) def succeeded(client): return client.whenDisconnected def failed(reason): print("Could not connect:", reason.getErrorMessage()) def disconnected(ignored): reactor.stop() connected.addCallbacks(succeeded, failed) connected.addCallback(disconnected) reactor.run()
def fromConfig(cls, reactor): keys = [] if "identity" in _CONFIG: keyPath = os.path.expanduser(_CONFIG["identity"]) if os.path.exists(keyPath): keys.append(readKey(keyPath)) knownHostsPath = FilePath(os.path.expanduser(_CONFIG["knownhosts"])) if knownHostsPath.exists(): knownHosts = KnownHostsFile.fromPath(knownHostsPath) else: knownHosts = None if "no-agent" in _CONFIG or "SSH_AUTH_SOCK" not in os.environ: agentEndpoint = None else: agentEndpoint = UNIXClientEndpoint(reactor, os.environ["SSH_AUTH_SOCK"]) if "password" in _CONFIG: password = _CONFIG["password"] else: password = None return cls(reactor, _CONFIG["host"], _CONFIG["port"], _CONFIG["username"], password, keys, knownHosts, agentEndpoint)
def fromCommandLine(cls, reactor, argv): config = EchoOptions() config.parseOptions(argv) keys = [] if config["identity"]: keyPath = os.path.expanduser(config["identity"]) if os.path.exists(keyPath): keys.append(readKey(keyPath)) knownHostsPath = FilePath(os.path.expanduser(config["knownhosts"])) if knownHostsPath.exists(): knownHosts = KnownHostsFile.fromPath(knownHostsPath) else: knownHosts = None if config["no-agent"] or "SSH_AUTH_SOCK" not in os.environ: agentEndpoint = None else: agentEndpoint = UNIXClientEndpoint(reactor, os.environ["SSH_AUTH_SOCK"]) return cls( reactor, config["host"], config["port"], config["username"], config["password"], keys, knownHosts, agentEndpoint, )
def get_connection_helper(reactor, address, username, port): """ Get a :class:`twisted.conch.endpoints._ISSHConnectionCreator` to connect to the given remote. :param reactor: Reactor to connect with. :param bytes address: The address of the remote host to connect to. :param bytes username: The user to connect as. :param int port: The port of the ssh server to connect to. :return _ISSHConnectionCreator: """ try: agentEndpoint = UNIXClientEndpoint(reactor, os.environ["SSH_AUTH_SOCK"]) except KeyError: agentEndpoint = None return _NewConnectionHelper(reactor, address, port, None, username, keys=None, password=None, agentEndpoint=agentEndpoint, knownHosts=KnownHostsFile.fromPath( FilePath("/dev/null")), ui=ConsoleUI(lambda: _ReadFile(b"yes")))
def main(reactor): tor = yield txtorcon.connect( reactor, UNIXClientEndpoint(reactor, "/var/run/tor/control")) print("Connected to Tor version {}".format(tor.version)) url = 'https://www.torproject.org:443' print("Downloading {}".format(url)) resp = yield treq.get(url, agent=tor.web_agent()) print(" {} bytes".format(resp.length)) data = yield resp.text() print("Got {} bytes:\n{}\n[...]{}".format( len(data), data[:120], data[-120:], )) print("Creating a circuit") state = yield tor.create_state() circ = yield state.build_circuit() yield circ.when_built() print(" path: {}".format(" -> ".join([r.ip for r in circ.path]))) print("Downloading meejah's public key via above circuit...") resp = yield treq.get( 'https://meejah.ca/meejah.asc', agent=circ.web_agent(reactor, tor.config.socks_endpoint(reactor)), ) data = yield resp.text() print(data)
def __init__(self, reactor, socket_path=None): super(IPCWorkerService, self).__init__() self.reactor = reactor self.socket_path = socket_path if self.socket_path is None: self.socket_path = get_ipc_socket_path() self.endpoint = UNIXClientEndpoint(reactor, self.socket_path) self.protocol = None
def connectClient(self): class TraphClientFactory(Factory): def buildProtocol(this, addr): return self.client t = TraphClientFactory() if not self.corpus.factory.chatty: t.noisy = False UNIXClientEndpoint(reactor, self.socket).connect(t)
def agent_for_socks_port(reactor, torconfig, socks_config, pool=None): """ This returns a Deferred that fires with an object that implements :class:`twisted.web.iweb.IAgent` and is thus suitable for passing to ``treq`` as the ``agent=`` kwarg. Of course can be used directly; see `using Twisted web cliet <http://twistedmatrix.com/documents/current/web/howto/client.html>`_. If you have a :class:`txtorcon.Tor` instance already, the preferred API is to call :meth:`txtorcon.Tor.web_agent` on it. :param torconfig: a :class:`txtorcon.TorConfig` instance. :param socks_config: anything valid for Tor's ``SocksPort`` option. This is generally just a TCP port (e.g. ``9050``), but can also be a unix path like so ``unix:/path/to/socket`` (Tor has restrictions on the ownership/permissions of the directory containing ``socket``). If the given SOCKS option is not already available in the underlying Tor instance, it is re-configured to add the SOCKS option. """ # :param tls: True (the default) will use Twisted's default options # with the hostname in the URI -- that is, TLS verification # similar to a Browser. Otherwise, you can pass whatever Twisted # returns for `optionsForClientTLS # <https://twistedmatrix.com/documents/current/api/twisted.internet.ssl.optionsForClientTLS.html>`_ socks_config = str(socks_config) # sadly, all lists are lists-of-strings to Tor :/ if socks_config not in torconfig.SocksPort: txtorlog.msg("Adding SOCKS port '{}' to Tor".format(socks_config)) torconfig.SocksPort.append(socks_config) try: yield torconfig.save() except Exception as e: raise RuntimeError( "Failed to reconfigure Tor with SOCKS port '{}': {}".format( socks_config, str(e) ) ) if socks_config.startswith('unix:'): socks_ep = UNIXClientEndpoint(reactor, socks_config[5:]) else: if ':' in socks_config: host, port = socks_config.split(':', 1) else: host = '127.0.0.1' port = int(socks_config) socks_ep = TCP4ClientEndpoint(reactor, host, port) returnValue( Agent.usingEndpointFactory( reactor, _AgentEndpointFactoryUsingTor(reactor, socks_ep), pool=pool, ) )
def setUp(self): path = self.mktemp() self.app = fixture(self) self.port = reactor.listenUNIX( path, Site(self.app.resource()), ) self.addCleanup(self.port.stopListening) self.agent = ProxyAgent(UNIXClientEndpoint(reactor, path), reactor) super(RealTests, self).setUp()
def __init__(self, reactor, socket_path=None): super().__init__() self.reactor = reactor self.socket_path = socket_path if self.socket_path is None: self.socket_path = get_ipc_socket_path() self.endpoint = UNIXClientEndpoint(reactor, self.socket_path) self._protocol = None self.protocol = DeferredValue() self.processId = DeferredValue()
def new(cls, pubkey=None, reactor=None): """ Create a proxy for a key held in SSH agent. :param pubkey: A string with a public Ed25519 key in SSH format. :type pubkey: unicode """ pubkey = _read_ssh_ed25519_pubkey(pubkey) if not reactor: from twisted.internet import reactor from twisted.internet.defer import inlineCallbacks, returnValue from twisted.internet.protocol import Factory from twisted.internet.endpoints import UNIXClientEndpoint from twisted.conch.ssh.agent import SSHAgentClient if "SSH_AUTH_SOCK" not in os.environ: raise Exception("no ssh-agent is running!") factory = Factory() factory.noisy = False factory.protocol = SSHAgentClient endpoint = UNIXClientEndpoint(reactor, os.environ["SSH_AUTH_SOCK"]) d = endpoint.connect(factory) @inlineCallbacks def on_connect(agent): keys = yield agent.requestIdentities() # if the key is found in ssh-agent, the raw public key (32 bytes), and the # key comment as returned from ssh-agent key_data = None key_comment = None for blob, comment in keys: raw = unpack(blob) algo = raw[0] if algo == u'ssh-ed25519': algo, _pubkey = raw if _pubkey == pubkey: key_data = _pubkey key_comment = comment.decode('utf8') break agent.transport.loseConnection() if key_data: key = signing.VerifyKey(key_data) returnValue(cls(key, key_comment, reactor)) else: raise Exception("Ed25519 key not held in ssh-agent") return d.addCallback(on_connect)
def get_agent(self): """ Get the SSH agent endpoint. """ reactor = self.reactor if "SSH_AUTH_SOCK" in os.environ: agent_endpoint = UNIXClientEndpoint(reactor, os.environ["SSH_AUTH_SOCK"]) else: agent_endpoint = None return agent_endpoint
def assemble(): transport = { "type": "rawsocket", "url": "ws://localhost/ws", "endpoint": UNIXClientEndpoint(reactor, sock_path), "serializer": "cbor", } component = Component(transports=[transport], realm="deskconn", session_factory=GPIOComponent) component._transports[0].max_retries = 0 return component
def ensure_agent_has_ssh_key(reactor, key): """ Check that the running ssh-agent has the private key corresponding to the provided key. :param reactor: The reactor to use to connect to the agent. :param Key key: The ssh key to check for in the agent. :return Deferred: That fires with a successful result if the key is found. Otherwise, fails with ``AgentNotFound`` or ``KeyNotFound``. """ try: agent_socket = os.environ["SSH_AUTH_SOCK"] except KeyError: return fail(AgentNotFound()) if not key.isPublic(): key = key.public() action = start_action( action_type="flocker.provision.ssh:check_agent_has_ssh_keys", key_fingerprint=key.fingerprint(), agent_socket=agent_socket) with action.context(): agent_endpoint = UNIXClientEndpoint(reactor, agent_socket) agent_protocol = SSHAgentClient() connected = DeferredContext( connectProtocol(agent_endpoint, agent_protocol)) connected.addCallback(lambda _: agent_protocol.requestIdentities()) def check_keys(results): for key_data, comment in results: agent_key = Key.fromString(key_data, type='blob') Message.new(message_type="flocker.provision.ssh:agent_key", key_fingerprint=agent_key.fingerprint(), commnet=comment).write() if agent_key == key: return True raise KeyNotFound(expected_key=key) connected.addCallback(check_keys) def disconnect(result): agent_protocol.transport.loseConnection() return result connected.addBoth(disconnect) return connected.addActionFinish()
def main(reactor): ep = UNIXClientEndpoint(reactor, '/var/run/tor/control') tor = yield txtorcon.connect(reactor, ep) def log(msg): print msg print "Connected to a Tor version", tor.protocol.version for event in ['INFO', 'NOTICE', 'WARN', 'ERR']: tor.protocol.add_event_listener(event, log) is_current = yield tor.protocol.get_info('status/version/current') version = yield tor.protocol.get_info('version') print("Version '{}', is_current={}".format( version, is_current['status/version/current'])) yield defer.Deferred()
def setUp(self): # We use relpath as you can't bind to a path longer than 107 # chars. You can easily get an absolute path that long # from mktemp, but rather strangely bind doesn't care # how long the abspath is, so we call relpath here and # it should work as long as our method names aren't too long path = os.path.relpath(self.mktemp()) self.app = fixture(self) self.port = reactor.listenUNIX( path, Site(self.app.resource()), ) self.addCleanup(self.port.stopListening) self.agent = ProxyAgent(UNIXClientEndpoint(reactor, path), reactor) super(RealTests, self).setUp()
def open(self): """open the connection to the lircd socket""" def gotProtocol(result): """now we have a connection""" self.protocol = result self.protocol.wrapper = self logDebug(self, None, 'got lirc protocol') def gotNoProtocol(result): """something went wrong""" print "got no connection to lirc: %s" % result point = UNIXClientEndpoint(reactor, self.irwSocket, timeout=2) factory = ClientFactory() factory.protocol = LircProtocol point.connect(factory).addCallback(gotProtocol).addErrback( gotNoProtocol)
def installPools(pools, maxClients=5, reactor=None): if reactor is None: from twisted.internet import reactor for name, pool in pools.items(): if pool["ClientEnabled"]: if pool.get("MemcacheSocket"): ep = UNIXClientEndpoint(reactor, pool["MemcacheSocket"]) else: ep = GAIEndpoint(reactor, pool["BindAddress"], pool["Port"]) _installPool( name, pool["HandleCacheTypes"], ep, maxClients, reactor, )
def passTo(self, host, protocol): orig_socket = protocol.transport.socket if not host: host = b'default' try: for vhost in self.vhosts: if vhost.hostname.match(host): dest_socket = vhost.socket endpoint = UNIXClientEndpoint(reactor, dest_socket) connected = endpoint.connect(Factory.forProtocol(Protocol)) connected.addCallback( partial(self.passClientTo, orig_socket)) connected.addBoth(partial(self.disconnect, protocol)) return finally: pass
def main(reactor, *argv): if "SSH_AUTH_SOCK" not in os.environ: raise Exception("no ssh-agent is running!") factory = Factory() factory.protocol = SSHAgentClient endpoint = UNIXClientEndpoint(reactor, os.environ["SSH_AUTH_SOCK"]) d = endpoint.connect(factory) @inlineCallbacks def on_connect(proto): print("connected to agent. keys held currently:") keys = yield proto.requestIdentities() for blob, comment in keys: print("Key: {}".format(comment)) proto.transport.loseConnection() return d.addCallback(on_connect)
def main(reactor): """ Close all open streams and circuits in the Tor we connect to """ control_ep = UNIXClientEndpoint(reactor, '/var/run/tor/control') tor = yield txtorcon.connect(reactor, control_ep) state = yield tor.create_state() print("Closing all circuits:") for circuit in list(state.circuits.values()): path = '->'.join(map(lambda r: r.id_hex, circuit.path)) print("Circuit {} through {}".format(circuit.id, path)) for stream in circuit.streams: print(" Stream {} to {}".format(stream.id, stream.target_host)) yield stream.close() print(" closed") yield circuit.close() print("closed") yield tor.quit()
def ConnectToChaperone(cls, reactor, chaperoneDetails, playgroundAddress): if cls.__muxer: cls.__muxer.chaperone.connectionLost("Chaperone and/or Address Change") if cls.__muxer.chaperone.transport: cls.__muxer.chaperone.transport.loseConnection() if len(chaperoneDetails) == 2: addr, port = chaperoneDetails chaperoneEndpoint = TCP4ClientEndpoint(reactor, addr, int(port)) elif len(chaperoneDetails) == 1: chaperoneEndpoint = UNIXClientEndpoint(reactor, chaperoneDetails[0]) else: raise ValueError('expected (addr, port) or (socket,) tuple but got %s' % chaperoneDetails) cls.__muxer = BotMuxer(playgroundAddress) cls.__playgroundAddress = playgroundAddress return connectProtocol(chaperoneEndpoint, cls.__muxer.chaperone)
def __init__(self, args=None): '''Args must be an object with the following attributes: socketpath, verbose Suitable defaults will be supplied.''' # Pass command line args to ProtocolIVSHMSG, then open logging. if args is None: args = argparse.Namespace() for arg, default in self._required_arg_defaults.items(): setattr(args, arg, getattr(args, arg, default)) self.args = args # checkPID looks for <socketpath>.lock which the server sets up # as a symlink to file named <PID> E = UNIXClientEndpoint(TIreactor, args.socketpath, timeout=1, checkPID=False) E.connect(self)
def start_tor(self): """ This function executes the workflow of starting the hidden service and returning its hostname """ self.info_callback("Attempting to start onion service on port: {} " "...".format(self.port)) if str(self.tor_control_host).startswith('unix:'): control_endpoint = UNIXClientEndpoint(reactor, self.tor_control_host[5:]) else: control_endpoint = TCP4ClientEndpoint(reactor, self.tor_control_host, self.tor_control_port) d = txtorcon.connect(reactor, control_endpoint) d.addCallback(self.create_onion_ep) d.addErrback(self.setup_failed) # TODO: add errbacks to the next two calls in # the chain: d.addCallback(self.onion_listen) d.addCallback(self.print_host)
async def _main(reactor): if False: print("launching tor") tor = await txtorcon.launch(reactor, progress_updates=print) else: tor = await txtorcon.connect( reactor, UNIXClientEndpoint(reactor, "/var/run/tor/control"), ) print("Connected to tor {}".format(tor.version)) # here, we've just chosen 1234 as the port. We have three other # options: # - select a random, unused one ourselves # - put "ports=[80]" below, and find out which port txtorcon # selected after # - use a Unix-domain socket # we create a Tor onion service on a specific local TCP port print("Creating onion service") onion = await tor.create_onion_service( ports=[(80, 1234) # 80 is the 'public' port, 1234 is local ], private_key= 'RSA1024:MIICWwIBAAKBgQCmHEH1y7/RUUeeaSTgB3iQFfWMep38JDlAbDoEPltRxzgEh8bXMsNbemdiCuZmJVni96KrRh2/I2NwWi6C81xfcA8BjVzdCmEbL1B+KOeqZlrjoEMQl56NpbXIIzFZdyILaQtv3EZMoShNHSkta6e66oWUu2B2fkluwYyPxRAdvQIDAQABAoGAYkObHX2PlpK/jE1k3AZvYsUqwhSTOuJu39ZmJ7Z/rQvt7ngnv4wvFwF9APmzvD9iQir+FtXeqQCVRZSDqUGvpW0WgA+8aDA3BGWCZwKhWRWj18RLjsMX+wKP6OBpSIlNjELU8zc5PWWsCmT7AqAdVD7vqp2895LiP4M8vwwZB30CQQDb/fjoG1VWpFWXgjRHEYOoPj7d7J5FcRrbSgc57lvMv/2+4OVl2aRaGEjigfBnR7Pjbyxv/5K1h078PBWNumjPAkEAwUyN3SLJOMBM74LS2jh9AB/sNitLT7/O1f8zT0siC58TmTbeZsj3VqSsmrUiVSptQcOm+5F0UPvYxsI+B2UbswJAdV9dq8jZkS6AlCNd7QUFL4B2XkVedEJSR+mJTXlE9UsCARNQkTS7oW4PhPo633+8FH4+QUskZUHZ/G26OjHYtQJAIAKyd418LzbBRuSuUE8MfEnND0dqKGHGOfASKi5yC+SjFTtd5z2eoC2TG+elMN9eyoZBD+YNkh+yzW97YDQhOwJAKFKLmdlJve1lJah1ZllZfk2ipNeYVX+q1Mv7TE6IXGqU/Xt3HS8h9Zd8ml/Yms1z9X7hFIjQ/XcSiJhqcin8Vg==', version=2, # FIXME use v3; using old tor for now progress=print, ) # we're now listening on some onion service URL and re-directing # public port 80 requests to local TCP port 1234. app = create_aio_application() runner = web.AppRunner(app) await as_deferred(runner.setup()) site = web.TCPSite(runner, 'localhost', 1234) await as_deferred(site.start()) # now we're completely set up print("Onion site on http://{}".format(onion.hostname)) await Deferred()
def connectionSecure(self): self._state = b'AUTHENTICATING' def running_cb(_): self._state = b'RUNNING' cb = Deferred() cb.addCallback(running_cb) self._user_auth = UserAuth(os.getlogin(), ClientConnection(cb)) if "SSH_AUTH_SOCK" in os.environ: agentEndpoint = UNIXClientEndpoint(reactor, os.environ["SSH_AUTH_SOCK"]) d = self._user_auth.connectToAgent(agentEndpoint) else: d = succeed(None) def agent_init_done(_): self.requestService(self._user_auth) d.addBoth(agent_init_done)